The configuration page in version 7.1.9 and below of op5 allows the ability to test a system command, which can be abused to run arbitrary code as an unprivileged user.
34a689b22e757960916b2b0af3d9484a9d86ebc2d53f95c0c172deab2122b07eTHC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
9e88496aca1d7ee94410cf3e3d87bc8cbaa91e37fd5ef700cab2f55ce92b4ac4Gemalto Sentinel License Manager version 18.0.1 suffers from a directory traversal vulnerability.
b6f5fa824af2472d89f14922b1eecb858b838bc8381d5dfedbce1270a4f00f76Papouch TME ethernet thermometer and TME multi: Temperature and humidity via ethernet both suffer from cross site request forgery, hardcoded backdoor super user accounts, and missing access controls.
f0ee50dfb9961307792f4a00e338a077ffcc384ad59b75c9c48148eb47af0af9HP StoreEver MSL6480 Tape Library version 4.10 suffers from cross site request forgery, weak default credentials, and access control vulnerabilities.
8f08337957222b11d4c4a443649d9ff928174b1dd9235eb25bb284e0dc7cb01dGentoo Linux Security Advisory 201606-5 - Multiple vulnerabilities have been found in spice, the worst of which may result in the remote execution of arbitrary code. Versions less than 0.12.7-r1 are affected.
1d66db877a2f969ac356bd3b70ccfafe3d4d009d836c4386f20de29ce0e797cfThe bulletin summary for June 2016 has been updated to include an additional out-of-band bulletin, MS16-083.
08f11678b62ba7b224c955b050b4fe4c6ccd775f9eadf6fc16fe0c29afd509ccVicidial version 2.11 suffers from a reflective cross site scripting vulnerability.
470527fc33fccb2596dd91bd347a8e1ba1e96a9b5a7baa96273bae4002438f37Python's built-in URL library ("urllib2" in 2.x and "urllib" in 3.x) is vulnerable to protocol stream injection attacks (a.k.a. "smuggling" attacks) via the http scheme.
9fea0de30ead37c21a774ad8b50ab697e88f3e051112390e3be85d2e599d044fThis proof of concept crashes 32-bit Windows 7 with special pool enabled on win32k.sys. It might take several runs in order to reproduce.
b7aa281ca915adfcd3f0036cfcc5520eaeec49ed0e0bd9d5eefcf699d19dd4d5This proof of concept triggers a blue screen on Windows 7 with special pool enabled on win32k.sys. A reference to the bitmap object still exists in the device context after it has been deleted.
f04d7b9b1c0e9540acf78ea24f4a7cb1a5447a0d505993588c4d2ec4d70d0eefThis Metasploit module simplifies the Regsvr32.exe Application Whitelisting Bypass technique. The module creates a web server that hosts an .sct file. When the user types the provided regsvr32 command on a system, regsvr32 will request the .sct file and then execute the included PowerShell command. This command then downloads and executes the specified payload (similar to the web_delivery module with PSH). Both web requests (i.e., the .sct file and PowerShell download and execute) can occur on the same port.
653e52256863e298ea027d1fbc2e93563d971499a730d085d1bbd98fa0c2ab72Roxy File Manager versions 1.4.4 and below suffer from a remote shell upload vulnerability.
85c837a12824706aaefba54d873df121becb48e231016a8e0f38d349a8ec7130HP Security Bulletin HPSBNS03625 1 - NonStop Application Server for Java (NSASJ) has addressed the cross-protocol Attack on TLS using SSLv2 also known as "DROWN". This vulnerability could be exploited remotely resulting in disclosure of information. Note: NSASJ configurations that have enabled SSL/TLS are vulnerable if SSLv2 is enabled or they share private keys with systems that have it enabled. Revision 1 of this advisory.
c3e94f79879e500eb0df374f911ece7d9787942c754b7671f21cb5eb956ce26fHP Security Bulletin HPSBGN03553 1 - HP OneView has addressed stack based buffer overflows in glibc's implementation of getaddrinfo() and also a vulnerability in OpenSSL. These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of the user running glibc library. Revision 1 of this advisory.
3617e671a811e5e4891b16d55373f0c543a2327eaeb55d97e84f1a429f8e0a07Multiple ATCOM PBX systems suffer from an authentication bypass vulnerability.
8dfb3eca25689e91bfe4c801bf3df1163e8c3c7334d4429d6b0549a9c76936a3Several functions in the GPU command buffer service interact with the GPU mailbox manager (gpu/command_buffer/service/mailbox_manager_impl.cc), passing a reference to shared memory as the mailbox argument. MailboxManagerImpl does not expect this mailbox argument to be malleable in this way, and it is in several places copied and passed to various stl functions, resulting in unexpected behavior from double-reads when an attacker modifies the mailbox name mid function.
f8a976a14646044c7e5586eef81525079a7a9db25b46316e0dc9807036d3e4bcThe GPU buffer manager doesn't handle pointers to shared memory with adequate care, allowing an attacker to bypass chrome's validation and pass invalid buffer data to the hosting OpenGL implementation.
3578fb463723277d9877188292fda698fe97933942361d753ccab3bd0d6f2d9eJson2Html javascript library suffers from a cross site scripting vulnerability.
c1d9df792a2e871f24882a4c9e37dffb7c6ab9bfcbbc66857d3b9b1b97e24843Slim CMS version 0.1 suffers from a cross site request forgery vulnerability.
fd24e756bfb55998e55147903393b302ca7a56ca3ccd23276855b02bbf47239a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed